All Resources
Doc5 min readApr 2, 2026

Connection Wizard - CLI

Introduction

The Cloudsaver Connection Wizard's CLI connector automates deployment of CloudFormation StackSets containing IAM cross-account roles and permission policies. The tool uses an interactive bash or PowerShell script to rapidly deploy from your management account to member accounts.

Prerequisites

Two key requirements must be in place:

  1. CloudFormation StackSets Configuration: CloudFormation StackSets must be configured to operate with self-managed permissions from the management account.
  2. Local CLI Configuration:Your local CLI must have a profile with credentials to access your AWS Organization's management account.

For self-managed permissions mode, you'll need an administrative role the CloudFormation service can assume in your management account and an execution role it can assume in each target member account. AWS documentation covers this setup in detail.

Getting Started

Verify Prerequisites

Run two commands to confirm your credentials:

  1. Organizations command: Execute the describe organizationsub-command to identify your Organization's management account via the MasterAccountID.
  2. STS command: Execute the get caller identity sub-command to verify your CLI profile accesses the correct management account ID.

Both IDs should match to proceed.

Launch Connection Wizard

  1. Open the Cloudsaver platform and select "Get started" from the Dashboard
  2. Choose "Connect AWS Account"
  3. Click "Next" on the initial screen
  4. Select "CLI" from your Connection Method options

Execute the Script

  1. Choose your operating system tab (Windows/PowerShell or Linux/bash)
  2. Copy the provided command containing your temporary authentication token
  3. Paste and execute the command in your terminal

The script detects configured AWS accounts and prompts you to connect them.

Connect Accounts

The script will ask which member accounts to connect:

  • Enter 1 to connect all accounts
  • Enter 2 to select accounts individually from a list
  • Enter 3 to specify accounts by their 10-digit IDs

After connecting, you'll return to the Cloudsaver platform where the "Connection Successful" indicator will update.

Want to see how this applies to your environment?

Get your free savings assessment